国家重点研发计划(2022YFB3102300); 国家自然科学基金(61825204, 61932016, 62132011); 北京高校卓越青年科学家计划(BJJWZYJH01201910003011)
传输层是网络协议栈的关键组成部分, 负责为不同主机间的应用程序提供端到端的服务. 已有的传输层协议如TCP等为用户提供了基本的差错控制和确认应答等安全保护机制, 在一定程度上保证了不同主机间应用程序收发报文的一致性. 但现有的传输层安全保护机制存在严重的缺陷, 如TCP报文的序列号容易被猜测推理, 报文校验和的计算依赖于有漏洞的补码求和算法等. 这导致现有的传输层安全机制并不能保证报文的完整性和安全性, 从而允许一个远程的攻击者伪造出一个报文, 注入到目标网络流中, 对目标网络流形成污染或攻击. 针对传输层的攻击发生在网络协议栈的基础层次, 可以旁路掉上层应用的安全保护机制, 对网络基础设施造成严重的危害. 深入研究近年来针对网络协议栈的各种攻击和相关安全漏洞, 提出一种基于轻量级链式验证的传输层安全性增强方法LightCTL. 所提方法基于哈希验证的方式, 使TCP连接双方能够对传输层报文形成彼此可验证的共识, 避免攻击者或中间人窃取和伪造敏感信息, 从而解决网络协议栈面临的典型安全威胁, 包括基于序列号推理的TCP连接重置攻击、TCP劫持攻击、SYN洪泛攻击、中间人攻击、报文重放攻击等. LightCTL不需要修改中间网络设备如路由器等的协议栈, 只需对终端协议栈中的校验和相关部分进行修改, 因此方法易于部署, 同时显著提升了网络系统的安全性.
The transport layer is a key component in the network protocol stack, which is responsible for providing end-to-end services for applications between different hosts. Existing transport layer protocols such as TCP provide users with some basic security protection mechanisms, e.g., error controls and acknowledgments, which ensures the consistency of datagrams sent and received by applications between different hosts to a certain extent. However, these security protection mechanisms of the transport layer have serious flaws. For example, the sequence number of TCP datagrams is easy to be guessed and inferred, and the calculation of the datagram’s checksum depends on the vulnerable sum of the complement algorithm. As a result, the existing transport layer security mechanisms cannot guarantee the integrity and security of the datagram, which allows a remote attacker to craft a fake datagram and inject it into the target network stream, thus poisoning the target network stream. The attack against the transport layer occurs at the basic layers of the network protocol stack, which can bypass the security protection mechanisms enforced at the upper application layer and thus cause serious damage to the network infrastructure. After investigating various attacks over network protocols and the related security vulnerabilities in recent years, this study proposes a method for enhancing the security of the transport layer? based on lightweight chain verification, namely LightCTL. Based on the hash verification, LightCTL enables both sides of a TCP connection to create a mutually verifiable consensus on transport layer datagrams, so as to prevent attackers or middlemen from stealing and forging sensitive information. As a result, LightCTL can successfully foil various attacks against the network protocol stack, including TCP connection reset attacks based on sequence number inferring, TCP hijacking attacks, SYN flooding attacks, man-in-the-middle attacks, and datagram replay attacks. Besides, LightCTL does not need to modify the protocol stack of intermediate network devices such as routers. It only needs to modify the checksum and the related parts of the end protocol stack. Therefore, LightCTL can be easily deployed and significantly improves the security of network systems.